Organization
Data Entity
Description
A tenant organization on the Meander platform — one of the Norwegian voluntary-sector federations (e.g. NHF, Blindeforbundet, HLF, Barnekreftforeningen) or any sub-unit within their hierarchy. Owns all operational data for its members, controls which modules are enabled, and provides the multi-tenancy boundary that isolates data between tenants.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
id |
uuid |
Surrogate primary key. Generated server-side (UUIDv4) on creation. | PKrequiredunique |
name |
string |
Full legal or display name of the organization (e.g. 'Norges Handikapforbund'). | required |
slug |
string |
URL-safe, human-readable identifier derived from the organization name. Used in API paths and internal references. | requiredunique |
org_number |
string |
Norwegian organization registry number (Organisasjonsnummer) — 9 digits. Required for Bufdir grant recipients. | unique |
type |
enum |
Organizational level within the Norwegian voluntary-sector hierarchy. | required |
parent_id |
uuid |
Foreign key to parent organization. NULL for top-level federations (national_federation) and platform_owner. Supports NHF's 12 landsforeninger → 9 regioner → 1400 lokallag hierarchy. | - |
status |
enum |
Lifecycle state of the organization. Inactive organizations retain all data but lose API access. | required |
country_code |
string |
ISO 3166-1 alpha-2 country code. Defaults to 'NO' for all current tenants. | required |
bufdir_grant_recipient |
boolean |
Whether this organization receives Bufdir grant funding and therefore requires Bufdir-compliant reporting. Enables Bufdir export in the admin portal. | required |
contact_email |
string |
Primary administrative contact email for the organization. | - |
contact_phone |
string |
Primary administrative contact phone number. | - |
address |
json |
Structured postal address: { street, city, postal_code, country }. | - |
logo_url |
string |
URL to the organization's logo asset, served from cloud storage. | - |
website_url |
string |
Public website of the organization. | - |
support_access_granted_until |
datetime |
UTC timestamp until which Global Admin support access is active for this organization. NULL means no support access is currently granted. Must be a future date when set. Every support session within this window is logged in the org's audit trail. | - |
support_access_granted_by |
uuid |
ID of the Org Admin user who granted the time-bounded Global Admin support access. NULL when no access is granted. | - |
locale |
string |
Default locale for this organization (e.g. 'nb-NO'). Drives date/number formatting and default language. | required |
max_users |
integer |
Optional soft cap on the number of active users in this organization. NULL means unlimited. | - |
created_at |
datetime |
UTC timestamp of organization record creation. | required |
updated_at |
datetime |
UTC timestamp of last modification to any organization field. | required |
deleted_at |
datetime |
Soft-delete timestamp. NULL for active organizations. Set instead of hard deleting to preserve all referential integrity and audit history. | - |
Database Indexes
idx_organizations_slug
Columns: slug
idx_organizations_org_number
Columns: org_number
idx_organizations_status
Columns: status
idx_organizations_parent_id
Columns: parent_id
idx_organizations_type_status
Columns: type, status
idx_organizations_deleted_at
Columns: deleted_at
Validation Rules
name_not_empty
error
Validation failed
slug_format
error
Validation failed
org_number_format
error
Validation failed
support_access_date_must_be_future
error
Validation failed
contact_email_format
error
Validation failed
logo_url_format
error
Validation failed
parent_must_exist_and_be_active
error
Validation failed
status_transition_valid
error
Validation failed
Business Rules
soft_delete_only
Organizations are never hard-deleted. Setting deleted_at performs a logical deletion that preserves all referential integrity and audit history. All queries must filter deleted_at IS NULL unless explicitly auditing.
support_access_time_bounded
Global Admin support access to an organization's operational data is only active while support_access_granted_until is in the future. The backend re-evaluates this on every request; no background job is required to revoke access. Every action performed under support access is written to the organization's audit_logs.
always_on_modules_non_toggleable
Certain area modules are non-toggleable for each product: Mobile App always-on set = authentication-access-control, home-navigation, accessibility, help-support, profile-management. Admin Portal always-on set = admin-dashboard, admin-user-management, admin-organization, admin-security. The Feature Toggles UI must not display these as toggleable options, and the API must reject any request to disable them.
module_dependency_cascade
If a module declares a dependency on another module in the registry, enabling the dependent module implicitly enables its dependency. The admin UI must surface this relationship rather than failing silently at runtime.
tenant_data_isolation
All queries against tenant-scoped tables (users, activities, contacts, expenses, etc.) must include the organization_id of the authenticated user's active context. Cross-organization data access is forbidden except for Global Admins with active support_access_granted_until.
bufdir_recipient_requires_org_number
An organization with bufdir_grant_recipient = true must have a valid org_number set. Bufdir export is blocked if org_number is missing.
no_circular_parent_reference
An organization's parent_id must not create a cycle in the hierarchy graph. The hierarchy must be a strict tree (DAG with no back-edges).
platform_owner_singleton
Exactly one organization of type 'platform_owner' may exist (Norse Digital Products). Creation of a second platform_owner record is rejected.